HTTP/2 Multiple DoS Attacks (VU#605641) Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-19-225 Final 1 1 2019-09-03T00:00:00 Current version 2019-09-03T00:00:00 2019-09-03T00:00:00 Improper implementations of the HTTP/2 protocol can lead to a variety denial-of-service (DoS) attacks.The related CVEs are:CVE-2019-9511, also known as Data DribbleCVE-2019-9512, also known as Ping FloodCVE-2019-9513, also known as Resource LoopCVE-2019-9514, also known as Reset FloodCVE-2019-9515, also known as Settings FloodCVE-2019-9516, also known as 0-Length Headers LeakCVE-2019-9517, also known as Internal Data BufferingCVE-2019-9518, also known as Empty Frame Flooding Denial of service The following products have been confirmed to NOT be vulnerable to any of the above:FortiOSFortiAPFortiSwitchFortiAnalyzerFortiWebFortiManagerFortiMail https://fortiguard.fortinet.com/psirt/FG-IR-19-225 HTTP/2 Multiple DoS Attacks (VU#605641) https://kb.cert.org/vuls/id/605641/ https://kb.cert.org/vuls/id/605641/ CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 0 https://fortiguard.fortinet.com/psirt/FG-IR-19-225 HTTP/2 Multiple DoS Attacks (VU#605641) Reference> https://kb.cert.org/vuls/id/605641/ https://kb.cert.org/vuls/id/605641/